Legitimate emails can exhibit these traits, but messages with three or more of them are at a higher risk of being part of a social engineering attack. Most social engineering attacks display all these traits. Let’s explore each high-risk trait in more detail.
1. Message Arrives Unexpectedly
Victims rarely expect messages from social engineering attacks, especially about the subject involved. While legitimate emails often arrive unexpectedly, expecting a message and its request usually indicates it is not a scam. However, this isn’t foolproof. For instance, in mortgage loan escrow scams, attackers may compromise a legitimate officer’s email, making the request seem legitimate. Typically, social engineering schemes start with an unexpected request.
2. Sender Asks Something Out of the Ordinary
Social engineering requests often ask victims to do something they’ve never done before, like sending money or opening a document. Many phishing emails come from legitimate accounts controlled by malicious actors. Even then, the request is typically something the real sender has never asked for before. This “net new” request increases the risk.
3. Requested Action is Potentially Harmful
Could performing the requested action potentially harm the recipient or their organization? Requests to open documents, execute programs, send information, or enter passwords are examples of potentially harmful actions. If the request is unlikely to cause harm (e.g., praying for someone or writing to a government representative), it is less likely to be social engineering.
4. Attacker Attaches an Unusual File or URL
Most digital social engineering attacks involve a rogue link to click on or a document or program to download and open. An email might only request personally identifiable information, such as banking details or a Social Security number, but these messages often include dangerous links or files.
Common malicious file formats include EXE, DLL, URL, SCR, HTA, HTM, HTML, MSI, SYS, ZIP, 7Z, BIN, CAB, CPL, and Microsoft Office document types (e.g., DOCX, XLSX, PPTX). There are many lists of potentially dangerous file types available online. Attachments in safer formats, like TXT or PDF without embedded links or active content, are generally considered less risky.
5. The Attacker Includes a Sense of Urgency
Most scams create a heightened sense of urgency through what are known as “stressor events.” Scammers use these to convey a threat of harm (e.g., work, physical, financial) if the victim doesn’t act quickly. This urgency prevents the recipient from consulting authoritative resources.
If a message exhibits three or more high-risk traits, stop and carefully consider whether it might be a social engineering scam before proceeding.
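The three-or-more rule above can be sketched as a mail-triage helper. This is an added example, not code from the article or its publisher: it checks trait 4 automatically against the file formats listed above and takes the other four traits as the reviewer's own yes/no answers. The function names, the sample message and the choice to count any link toward trait 4 are assumptions.

```python
import re
from email import message_from_string

# File formats the article lists as commonly malicious (compared case-insensitively).
RISKY_EXT = {"exe", "dll", "url", "scr", "hta", "htm", "html", "msi", "sys", "zip",
             "7z", "bin", "cab", "cpl", "docx", "xlsx", "pptx"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
THRESHOLD = 3  # "three or more high-risk traits"

# Constructed sample message, not taken from a real campaign.
SAMPLE = """\
From: "Accounts" <billing@example.test>
Subject: Invoice overdue - pay today
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Your account will be suspended today. Review: http://example.test/pay
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Invoice.SCR"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

def listed_attachments(msg):
    """Attachment names whose final extension is on the article's list."""
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    return [n for n in names if "." in n and n.rsplit(".", 1)[1].lower() in RISKY_EXT]

def body_urls(msg):
    """http(s) links found in the text parts that are not attachments."""
    urls = []
    for part in msg.walk():
        if part.get_content_maintype() == "text" and not part.get_filename():
            raw = part.get_payload(decode=True) or b""
            urls += URL_RE.findall(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return urls

def triage(raw_email, unexpected, out_of_ordinary, potentially_harmful, urgent):
    """Count the five traits; traits 1, 2, 3 and 5 are the reader's own judgement."""
    msg = message_from_string(raw_email)
    files, urls = listed_attachments(msg), body_urls(msg)
    traits = {"unexpected": unexpected, "out_of_ordinary": out_of_ordinary,
              "potentially_harmful": potentially_harmful,
              # Assumption: any link or listed file type counts toward trait 4;
              # code cannot tell a rogue link from a benign one.
              "file_or_url": bool(files or urls), "urgent": urgent}
    present = [name for name, hit in traits.items() if hit]
    return {"traits": present, "files": files, "urls": urls,
            "verify_out_of_band": len(present) >= THRESHOLD}
```

A result with `verify_out_of_band` set to true marks the point at which the reader should stop and confirm the request through a known legitimate channel.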
Solution to Social Engineering Attacks
The quickest and easiest solution is to contact the sender using a known legitimate phone number to confirm the request or visit the vendor’s official website directly to verify the request. This simple check can prevent billions of dollars in theft and save millions of hours of stress and heartache. Feel free to share the graphic summary above (or this entire article) with end users.
While not all social engineering scams exhibit all or most of these traits, the vast majority do. Teaching everyone to recognize these high-risk traits is one of the most effective ways to prevent cybercrime and social engineering attacks.